Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-86vw-mfpg-wwv9 | jsonata: Malicious inputs to "$toMillis" function can cause resource exhaustion |
Fri, 17 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 17 Jul 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that evaluate user-provided JSONata expressions. This issue is fixed in version 2.2.0. | |
| Title | JSONata: Malicious inputs to "$toMillis" function can cause resource exhaustion | |
| Weaknesses | CWE-1333 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-17T19:44:47.439Z
Reserved: 2026-06-08T14:00:43.573Z
Link: CVE-2026-52746
Updated: 2026-07-17T19:44:43.837Z
No data.
No data.
OpenCVE Enrichment
No data.
Github GHSA